Computer Control & Audit An overview 2001

Computer Control & Audit Risks & exposures Preferred IT management practices Study & evaluation of internal control Other assurance services Computer-assisted audit techniques

Preferred IT Management Practices Planning, organizing, staffing & budgeting Leading, directing Assessing risk Communicating Monitoring & controlling

Study & Eval’n of Internal Control Documenting Systems General controls Management responsibilities Systems dev, acq’n & maintenance Security (physical and logical/electronic access) Availability (backup, recovery, insurance) Operations (infrastructure, personnel, software, data, procedures) Application controls Input, process, storage, output, aud trails

Application Controls

Other Assurance Services Service organizations (s. 5900) SysTrust WebTrust System quality Relevance + Reliability 3e’s: efficiency, effectiveness, economy

Computer-Assisted Audit Techniques Audit planning and administration System understanding System-oriented tests Test data Data-oriented tests Data extraction and analysis, parallel simulation Problem solving and decision support